In the last tutorial, we discussed HSRP (Hot Standby Routing Protocol). VRRP is similar to HSRP, providing redundancy and high availability in computer networks. Like HSRP, VRRP also creates a virtual gateway and avoids a single point of failure. Before starting with VRRP, let's first discuss what a single point of failure is.
Single point of failure in computer networks
To understand the single point of failure, start with a simple example:
Look at this topology having a host connected with a layer two switch. This switch is further connected with two routers, i.e., R1 and R2. The Host behind the switch can have only one default gateway. Assume that we have configured the R1 IP address as a default gateway on the Host. The Host can access the internet via R1, and we don’t have any issues at all.
Now suppose that, for whatever reason, R1 becomes unresponsive and is unable to process any network traffic from the Host. In this case, we must switch the default gateway to R2 to make the internet work. Once that is done, the internet starts working again on the end computer.
However, the switching of the default gateway causes a significant amount of downtime in the network. Further, a single administrator can’t change the default gateways on all LAN computers.
To avoid this downtime, we can use one of the FHRPs (First-Hop Redundancy Protocols). VRRP is one of them.
What is VRRP?
VRRP stands for Virtual Router Redundancy Protocol. It is an open standard protocol that provides redundancy and high availability in computer networks. In VRRP, we deploy two or more routers in a group. All of the routers in this group sync with each other. If the master router fails, the backup router takes the master role and starts forwarding the traffic.
Refer to RFC 3768 for more detail.
Like HSRP, VRRP also has a Virtual IP & MAC address. This IP becomes the default gateway for the hosts.
VRRP uses the multicast address 224.0.0.18 for communication between the master and backup routers. The virtual MAC address is 0000.5e00.01XX, where XX is the VRRP group number in hexadecimal.
VRRP States
In this section, we will discuss the different states of VRRP. Routers that are participating in VRRP will go through all of the states.
VRRP configuration on Cisco IOS Router / Multilayer Switch
In this section, we will configure VRRP on Cisco IOS routers. The configuration is almost the same on a multilayer switch. We will use the network topology below for the configuration:
We have R1, R2, R3, SW01, and a Windows Host. Let’s start the configuration by confirming the interfaces of the routers:
Router R1:
interface GigabitEthernet1
 ip address 172.16.1.1 255.255.255.0
 negotiation auto
!
interface GigabitEthernet2
 ip address 101.1.1.1 255.255.255.252
 negotiation auto
Router R2:
interface GigabitEthernet1
 ip address 172.16.1.2 255.255.255.0
 negotiation auto
!
interface GigabitEthernet2
 ip address 201.1.1.1 255.255.255.252
 negotiation auto
Router R3:
interface GigabitEthernet1
 ip address 101.1.1.2 255.255.255.252
 negotiation auto
!
interface GigabitEthernet2
 ip address 201.1.1.2 255.255.255.252
 negotiation auto
Now, we will start configuring VRRP on router R1, followed by R2.
On R1:
R1(config)#interface gigabitEthernet 1
R1(config-if)#vrrp 5 ip 172.16.1.100
Similarly, on R2:
R2(config)#interface gigabitEthernet 1
R2(config-if)#vrrp 5 ip 172.16.1.100
Once you enable VRRP, you should see the following messages:
*Jan 1 15:18:06.699: %VRRP-6-STATECHANGE: Gi1 Grp 5 state Init -> Backup
*Jan 1 15:18:10.308: %VRRP-6-STATECHANGE: Gi1 Grp 5 state Backup -> Master
When troubleshooting, enable the VRRP debugs. They show the complete sequence of VRRP states on the router:
R1#debug vrrp events
VRRP Events debugging is on
To see the complete sequence of events, shut down the Gig1 interface and then re-enable it with the no shutdown command.
*Jan 1 15:30:27.351: VRRP: vrrp_interface_state: Gi1 is Up
*Jan 1 15:30:27.351: VRRP: vrrp_swif_comingup: Gi1 now Up
*Jan 1 15:30:27.351: VRRP: Enabling groups on interface GigabitEthernet1
*Jan 1 15:30:27.351: VRRP: vrrp_interface_state: Gi1 is Up
*Jan 1 15:30:27.351: VRRP: Grp 5 mincfg is met :
*Jan 1 15:30:27.351: VRRP: Grp 5 Event - Interface UP
*Jan 1 15:30:27.351: %VRRP-6-STATECHANGE: Gi1 Grp 5 state Init -> Backup
*Jan 1 15:30:28.842: VRRP: vrrp_interface_state: Gi1 is Up
*Jan 1 15:30:28.842: VRRP: vrrp_swif_comingup: Gi1 now Up
*Jan 1 15:30:28.842: VRRP: Enabling groups on interface GigabitEthernet1
*Jan 1 15:30:30.961: VRRP: Grp 5 Event - Master down timer expired
*Jan 1 15:30:30.961: %VRRP-6-STATECHANGE: Gi1 Grp 5 state Backup -> Master
Finally, go to the Host and assign the IP Address per our topology. Check the IP Address on your Host using ipconfig, and try to ping the virtual gateway.
C:\Documents and Settings\admin>ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 172.16.1.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.16.1.100
You should get a ping response from the virtual gateway with the default TTL of 255.
C:\Documents and Settings\admin>ping 172.16.1.100
Pinging 172.16.1.100 with 32 bytes of data:
Reply from 172.16.1.100: bytes=32 time=2ms TTL=255
Reply from 172.16.1.100: bytes=32 time<1ms TTL=255
Reply from 172.16.1.100: bytes=32 time=1ms TTL=255
Reply from 172.16.1.100: bytes=32 time<1ms TTL=255
Ping statistics for 172.16.1.100:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 2ms, Average = 0ms
C:\Documents and Settings\admin>
You should find the VRRP MAC address on the Windows host:
C:\Documents and Settings\admin>arp -a
Interface: 172.16.1.10 --- 0x2
Internet Address Physical Address Type
172.16.1.100 00-00-5e-00-01-05 dynamic
Managing the VRRP on Cisco Devices
In this section, we will discuss some of the important commands to manage the VRRP. We will start with the show vrrp command, which shows complete information about VRRP.
R1#show vrrp
GigabitEthernet1 - Group 5
  State is Backup
  Virtual IP address is 172.16.1.100
  Virtual MAC address is 0000.5e00.0105
  Advertisement interval is 1.000 sec
  Preemption enabled
  Priority is 100
  Master Router is 172.16.1.2, priority is 100
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.609 sec (expires in 3.519 sec)
This command shows complete VRRP information. VRRP is enabled on GigabitEthernet1, and the group is 5. Further, the state of the current router is Backup. Virtual IP is 172.16.1.100 & MAC is 0000.5e00.0105.
Unlike HSRP, preemption is enabled by default. The master router is 172.16.1.2 with the same priority, i.e., 100. You will get similar information on R2.
R2#show vrrp
GigabitEthernet1 - Group 5
  State is Master
  Virtual IP address is 172.16.1.100
  Virtual MAC address is 0000.5e00.0105
  Advertisement interval is 1.000 sec
  Preemption enabled
  Priority is 100
  Master Router is 172.16.1.2 (local), priority is 100
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.609 sec
You may notice that both routers have the same priority, i.e., 100, yet router R2 is the master and is forwarding network traffic. To explain this behavior, we must understand the VRRP election process.
VRRP Election:
The VRRP election process is almost the same as in HSRP. First, the routers compare priorities, and the highest priority wins. If the priorities are the same, the router with the highest IP address wins.
In our case, both routers have the default priority value, i.e., 100. R2 has the higher IP address, 172.16.1.2, so it becomes the master.
Priority and Preemption Configuration
Priority is a numeric value between 0 – 255. The router with the highest priority becomes the master. You can configure the priority using the command below:
R1(config)#interface gigabitEthernet 1
R1(config-if)#vrrp 5 priority 150
Let’s verify the priority using the command below:
R1#show vrrp | include priority
  Master Router is 172.16.1.1 (local), priority is 150
Since preemption is enabled in VRRP, router R1, which now has the highest priority (150), becomes the master.
*Jan 2 06:20:06.246: %VRRP-6-STATECHANGE: Gi1 Grp 5 state Backup -> Master
Preemption takes effect immediately. However, it is recommended to set a delay so that, after a reboot, the router has time to learn the dynamic routes from its neighbors before it takes over. To set a delay for VRRP preemption, use the command below:
R1(config-if)#vrrp 5 preempt delay minimum 60
To disable preemption, use the commands below:
R1(config)#interface gigabitEthernet 1
R1(config-if)#no vrrp 5 preempt
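The election, preemption and timer behavior described above can be reproduced in a few lines. This is an added example, not part of the original article and not Cisco code: it is a simplified model in which the names Router, rank, elect, master_down_interval and virtual_mac are made up for illustration, and the skew formula is the one from RFC 3768. It also shows where the "Master Down interval is 3.609 sec" value in the show vrrp output comes from.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass(frozen=True)
class Router:
    name: str
    ip: IPv4Address      # primary address on the VRRP interface
    priority: int = 100  # default priority seen in "show vrrp"


def rank(router):
    # Higher priority wins; equal priorities fall back to the higher IP address.
    return (router.priority, int(router.ip))


def elect(live, current_master=None, preempt=True):
    """Pick the master among the routers that are currently up (simplified model)."""
    best = max(live, key=rank)
    if current_master not in live:
        return best                      # first election, or the master has failed
    if preempt and best.priority > current_master.priority:
        return best                      # a higher-priority router takes over
    return current_master                # otherwise the working master keeps its role


def master_down_interval(priority, adv_interval=1.0):
    """RFC 3768: 3 * Advertisement_Interval + Skew_Time, Skew_Time = (256 - priority) / 256."""
    return 3 * adv_interval + (256 - priority) / 256


def virtual_mac(group):
    """Virtual MAC 0000.5e00.01XX, XX being the group number in hex."""
    return f"0000.5e00.01{group:02x}"


if __name__ == "__main__":
    r1 = Router("R1", IPv4Address("172.16.1.1"))
    r2 = Router("R2", IPv4Address("172.16.1.2"))
    print(elect([r1, r2]).name)   # equal priority, R2 has the higher IP
    r1 = Router("R1", IPv4Address("172.16.1.1"), priority=150)
    print(elect([r1, r2], current_master=r2).name)
    print(round(master_down_interval(100), 3), virtual_mac(5))
```

With preempt=False the second call keeps R2 as master until R2 itself goes down, which is the effect of no vrrp 5 preempt.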
Authentication
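VRRP supports plain text authentication. For security reasons, you can configure the same authentication string on all VRRP-enabled routers in the group. Keep in mind that the string is carried unencrypted in every advertisement, so it guards against misconfigured routers joining the group rather than against someone who can capture traffic on the LAN. Cisco IOS also supports MD5 authentication for VRRP, which avoids sending the key in clear text.
To configure the authentication, you can use the command below: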
R1(config-if)#vrrp 5 authentication text MY_PASS
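To check what a group actually puts on the wire, the following added example (not from the original article) decodes a VRRPv2 advertisement and reports advertisements from unexpected senders, groups using text authentication, and bad checksums. The packet layout follows RFC 2338/RFC 3768, where authentication type 1 is the simple text password; the sample bytes are constructed, and the function names and the allow-list of router addresses are assumptions for illustration.

```python
import struct
from ipaddress import IPv4Address

AUTH_NAMES = {0: "none", 1: "simple text", 2: "IP AH"}


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum; 0 over a message whose checksum field is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_vrrpv2(payload: bytes) -> dict:
    """Decode a VRRPv2 advertisement (the payload of IP protocol 112)."""
    if len(payload) < 8:
        raise ValueError("truncated VRRP header")
    ver_type, vrid, prio, count, auth_type, adv_int, _ = struct.unpack("!6BH", payload[:8])
    if ver_type != 0x21:  # version 2, type 1 (advertisement)
        raise ValueError("not a VRRPv2 advertisement")
    end = 8 + 4 * count
    if len(payload) < end + 8:
        raise ValueError("truncated address list or authentication data")
    return {
        "vrid": vrid, "priority": prio, "adv_int": adv_int,
        "vips": [str(IPv4Address(payload[i:i + 4])) for i in range(8, end, 4)],
        "auth": AUTH_NAMES.get(auth_type, "unknown"),
        "auth_data": payload[end:end + 8].rstrip(b"\x00"),
        "checksum_ok": inet_checksum(payload[:end + 8]) == 0,
    }


def audit(src_ip: str, payload: bytes, expected_routers: set) -> list:
    """Return findings for one advertisement seen on the LAN."""
    adv, findings = parse_vrrpv2(payload), []
    if src_ip not in expected_routers:
        findings.append(f"group {adv['vrid']}: advertisement from unexpected sender {src_ip}")
    if adv["auth"] == "simple text":
        findings.append(f"group {adv['vrid']}: authentication string sent in clear text")
    if not adv["checksum_ok"]:
        findings.append(f"group {adv['vrid']}: bad checksum")
    return findings


# Constructed sample: group 5, priority 150, VIP 172.16.1.100, text key MY_PASS.
SAMPLE = bytes.fromhex("2105960101015986ac1001644d595f5041535300")
ROUTERS = {"172.16.1.1", "172.16.1.2"}  # R1 and R2 from the topology
```

Calling audit("172.16.1.1", SAMPLE, ROUTERS) returns the clear-text finding only, while the same bytes from an address outside ROUTERS also produce the unexpected-sender finding.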
Further Reading
- HSRP vs VRRP | First-hop redundancy protocols
- HSRP – Hot Standby Routing Protocol
- Cisco ASA Configuration Backup using SCP, TFTP & ASDM
- Enable Telnet and SSH access to the Cisco ASA Firewall
- How to install Cisco ASAv Firewall in EVE-NG Simulator
- Cisco ASA: Security Levels and Zones Explained
Conclusion
In this article, we have discussed and configured VRRP on Cisco IOS routers. VRRP is an FHRP protocol that helps us with network redundancy and high availability. It is an open standard protocol available for non-Cisco devices as well. Like HSRP, it creates a Virtual Router with a Virtual IP & MAC address.